Avaya Port Matrix. Avaya Orchestrator 1.4. Issue 1.0, November 2, 2018


ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC. DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA INC. MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE INFORMATION PROVIDED HEREIN WILL ELIMINATE SECURITY THREATS TO CUSTOMERS' SYSTEMS. AVAYA INC., ITS RELATED COMPANIES, DIRECTORS, EMPLOYEES, REPRESENTATIVES, SUPPLIERS OR AGENTS MAY NOT, UNDER ANY CIRCUMSTANCES BE HELD LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THE INFORMATION PROVIDED HEREIN. THIS INCLUDES, BUT IS NOT LIMITED TO, THE LOSS OF DATA OR LOSS OF PROFIT, EVEN IF AVAYA WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS INFORMATION CONSTITUTES ACCEPTANCE OF THESE TERMS.

© 2018 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.

1. Avaya Orchestrator Components

Data flows and their sockets are owned and directed by an application. Here, a server running on RHEL 7.x has many applications, such as MySQL, Nagios, etc. For all applications, sockets are created on the network interfaces on the server. For the purposes of firewall configuration, these sockets are sourced from the server, so the firewall (iptables service) should be running on the same server.

Application components in the Avaya Orchestrator are listed as follows.

| Component | Interface | Description |
|---|---|---|
| AO (Avaya Orchestrator) | Public interface / vswitch0 / eth0 | Avaya Orchestrator internally uses Nagios for network management of CPOD devices, consisting of internal applications and associated devices. Configuration from a pictorial view of the rack and solution components of Pod Fx. |
| MSC (Management Server Console) | Public interface / vswitch0 / eth0 | This integrated toolset automates the update and deployment of virtualized applications across the Pod Fx. |
| vCenter Server Appliance | Public interface / vswitch0 / eth0 | vCenter Server Appliance is used to monitor and manage VMware vSphere infrastructure on Pod Fx. |

2. Port Usage Tables

2.1 Port Usage Table Heading Definitions

Source System: System name or type that initiates connection requests.

Source Port: This is the default layer-4 port number of the connection source. Valid values include: 0-65535. A (C) next to the port number means that the port number is configurable.

Destination System: System name or type that receives connection requests.

Destination Port: This is the default layer-4 port number to which the connection request is sent. Valid values include: 0-65535. A (C) next to the port number means that the port number is configurable.

Network/Application Protocol: This is the name associated with the layer-4 protocol and layers-5-7 application.

Optionally Enabled / Disabled: This field indicates whether customers can enable or disable a layer-4 port, changing its default port setting. Valid values include: Yes or No.
- No means the default port state cannot be changed (e.g. enabled or disabled).
- Yes means the default port state can be changed and that the port can either be enabled or disabled.

Default Port State: The product source or destination port is either open, closed, filtered or N/A.
- Open: ports will respond to queries.
- Closed: ports may or may not respond to queries and are listed when they can be optionally enabled.
- Filtered: ports can be open or closed; filtered UDP ports will not respond to queries, filtered TCP will respond to queries but will not allow connectivity.
- N/A: primarily ephemeral ports used to connect to external sources such as DNS, NTP, etc.

Description: Connection details. Add a reference to refer to the Notes section after each table for specifics on any of the row data, if necessary.

2.2 Port Tables

Below are the tables which document the port usage for this product.

Table 1. Ports for Avaya Orchestrator (AO)

| Source System | Source Port (Configurable Range) | Destination System | Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | Description |
|---|---|---|---|---|---|---|---|
| Client PC | Ephemeral | AO | 80 | TCP/HTTP | No | Redirected | Redirect Web Browser to HTTPS Service (443) |
| Devices | Ephemeral | AO | 162 | UDP | Yes | Open | SNMP Traps |
| AO | Ephemeral | Devices | 161 | UDP | Yes | Open | SNMP Get requests |
| AO | Ephemeral | AO | 12489 | TCP | Yes | Open | (nsclient++) Monitoring tool which can execute external scripts |
| AO | Ephemeral | AO | 5666 | TCP | Yes | Open | Nagios Remote Plugin Executor (NRPE) |
| AO | Ephemeral | AO | 5667 | TCP | Yes | Open | Nagios Service Check Acceptor (NSCA) |
| AO | Ephemeral | AO | 5693 | TCP | Yes | Open | Nagios Cross-Platform Agent (NCPA) |
| AO | Ephemeral | AO | 1433 | TCP | Yes | Open | MSSQL (SQL Server) |
| AO | Ephemeral | AO | 3306 | TCP | Yes | Open | MySQL database server connections |
| AO | Ephemeral | Client PC | 25 | SMTP | Yes | Open | SMTP moves your email on and across networks |
| AO | Ephemeral | Client PC | 465 | SMTP | Yes | Open | SMTP moves your email on and across networks |
| AO | Ephemeral | Client PC | 587 | SMTP | Yes | Open | SMTP moves your email on and across networks |
| AO | Ephemeral | Devices | 135 | TCP | Yes | Open | Windows Management Instrumentation (WMI) |
| AO | Ephemeral | Devices | 445 | TCP | Yes | Open | Windows Management Instrumentation (WMI) |
| AO | Ephemeral | Devices | 1024-1034 | TCP | Yes | Open | Additional dynamically-assigned ports for Windows Management Instrumentation (WMI) |
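The audit below is an added example, not part of the Avaya document or of Avaya's tooling: it compares a server's listening sockets (`ss -tuln` output) with the Table 1 rows whose destination is AO, and derives iptables INPUT rules for the rows that have an off-box source. It assumes that AO-to-AO rows are served over loopback and that 443/tcp listens as the redirect target named in the port-80 row; the sample `ss` output is constructed.

```python
"""Audit AO listeners against Table 1 and derive inbound iptables rules."""

# Table 1 rows whose Destination System is AO, transcribed from the page:
# (protocol, port) -> Source System values. 443/tcp has no row of its own;
# it is the HTTPS redirect target named in the port-80 row.
AO_INBOUND = {
    ("tcp", 80): {"Client PC"},
    ("tcp", 443): {"Client PC"},
    ("udp", 162): {"Devices"},
    ("tcp", 12489): {"AO"},
    ("tcp", 5666): {"AO"},
    ("tcp", 5667): {"AO"},
    ("tcp", 5693): {"AO"},
    ("tcp", 1433): {"AO"},
    ("tcp", 3306): {"AO"},
}

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Constructed sample of `ss -tuln` output (not captured from a real AO server).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:162              *:*
udp   UNCONN 0      0      *:111              *:*
tcp   LISTEN 0      128    *:80               *:*
tcp   LISTEN 0      128    *:443              *:*
tcp   LISTEN 0      50     *:3306             *:*
tcp   LISTEN 0      5      127.0.0.1:5666     *:*
tcp   LISTEN 0      128    :::111             :::*
"""


def parse_listeners(ss_output):
    """Return a set of (proto, local_address, port) tuples from `ss -tuln` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        # Split at the last colon so IPv6 forms such as ":::111" parse correctly.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.add((fields[0], addr, int(port)))
    return listeners


def audit(ss_output, matrix=AO_INBOUND):
    """Return findings as (kind, proto, port, local_address) tuples."""
    findings, seen = [], set()
    for proto, addr, port in sorted(parse_listeners(ss_output)):
        key = (proto, port)
        seen.add(key)
        if key not in matrix:
            # Listener the matrix does not document: remove it or document it.
            findings.append(("not-in-matrix", proto, port, addr))
        elif matrix[key] == {"AO"} and addr not in LOOPBACK:
            # Assumption: an AO-to-AO flow needs loopback only, so a wildcard
            # bind exposes the service further than the matrix requires.
            findings.append(("local-only-exposed", proto, port, addr))
    # Informational: Table 1 marks these ports as optionally enabled.
    for proto, port in sorted(set(matrix) - seen):
        findings.append(("not-listening", proto, port, "-"))
    return findings


def iptables_rules(matrix=AO_INBOUND):
    """INPUT rules (iptables-restore syntax) for rows with an off-box source."""
    rules = [
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for (proto, port), sources in sorted(matrix.items()):
        if sources != {"AO"}:  # AO-to-AO rows are covered by the loopback rule
            rules.append(
                f"-A INPUT -p {proto} --dport {port} "
                "-m conntrack --ctstate NEW -j ACCEPT"
            )
    rules.append("-A INPUT -j DROP")
    return rules


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(*finding)
    print("\n".join(iptables_rules()))
```

Restricting each ACCEPT rule to the management and device subnets with `-s` is site-specific and is left out here.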

Table 2. Ports for MSC

| Source System | Source Port (Configurable Range) | Destination System | Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | Description |
|---|---|---|---|---|---|---|---|
| Client PC | Ephemeral | MSC | 22 | TCP/SSH | Yes | Open | SSH Server |
| Client PC | Ephemeral | MSC | 22 | TCP/SSH | Yes | Open | SCP based file copy |
| Client PC | Ephemeral | MSC | 5800, 5900, 6000 | VNC | Yes | Open | VNC based login |
| MSC | Ephemeral | vCenter Server | 8443 | TCP | Yes | Open | vSphere Web Services requests |
| MSC | Ephemeral | PVM | 22 | SSH | Yes | Yes | SSH based login |
| MSC | Ephemeral | PVM | 22 | SSH | Yes | Yes | SCP based file copy |
| MSC | Ephemeral | VPFM | 22 | SSH | Yes | Yes | SSH based login |
| MSC | Ephemeral | VPFM | 22 | SSH | Yes | Yes | SCP based file copy |
| MSC | Ephemeral | ESXi host | 22 | SSH | Yes | Yes | SSH based login |
| MSC | Ephemeral | ESXi host | 22 | SSH | Yes | Yes | SCP based file copy |
| ESXi | Ephemeral | MSC | 123 | UDP | Yes | Yes | NTP Service |

Table 3. Ports for Nimble Storage

| Source System | Source Port (Configurable Range) | Destination System | Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | Description |
|---|---|---|---|---|---|---|---|
| Remote | Ephemeral | Nimble CS100 | 22 | SSH | Yes | Open | SSH (Nimble File CLI) |
| Remote | Ephemeral | Nimble CS100 | 443 | TCP | Yes | Open | Web |

Nimble Storage Firewall Rules

If your organization restricts outbound internet traffic, you may need to configure rules which allow the Nimble Storage SAN (Management IP address and Controller A & B diagnostic IP addresses) to communicate with Nimble Storage servers on specific ports.

| Description | Destination | Port | Protocol |
|---|---|---|---|
| AutoSupport and Heartbeat | nsdiag.nimblestorage.com | TCP 443 | HTTPS |
| Software Updates and Downloads | update.nimblestorage.com | TCP 443 | HTTPS |
| Alerts | nsalerts.nimblestorage.com | TCP 443 | HTTPS |
| Streaming Stats & VMVision Per-VM Alerts | nsstats.nimblestorage.com | TCP 443 | HTTPS |
| InfoSight | infosight.nimblestorage.com | TCP 443 | HTTPS |
| Manual SCP of cores to Nimble Storage Support | support.nimblestorage.com | TCP 22 | SCP |
| Nimble Storage Support Secure Tunnel Connection | hogan.nimblestorage.com | TCP 2222 | SSH |

Table 4. Ports for vCenter Server Appliance 6.x

Source: https://kb.vmware.com/s/article/2106283

| Port | Protocol | Description |
|---|---|---|
| 22 | TCP | System port for SSHD. This port is used only by the vCenter Server Appliance. |
| 80 | TCP | vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server. WS-Management (also requires port 443 to be open). If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service. When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade. Note: You can change this port number during a fresh install of vCSA 6.5 Update 2 and later. You can also migrate vCenter Server installed on Windows with these custom ports to vCSA 6.5 U2 and later. |
| 88 | TCP | VMware key distribution center port |
| 389 | TCP/UDP | This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. If another service is running on this port, it may be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. |
| 443 | TCP | The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to monitor data transfer from SDK clients. Port 443 is also used for these services: WS-Management (also requires port 80 to be open); third-party network management client connections to vCenter Server; third-party network management clients access to hosts. Note: You can change this port number during a fresh install of vCSA 6.5 Update 2 and later. You can also migrate vCenter Server installed on Windows with these custom ports to vCSA 6.5 U2 and later. |
| 514 | TCP/UDP | vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance |
| 636 | TCP | For vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it may be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025 through 65535. |
| 902 | TCP/UDP | The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles. |
| 903 | TCP | Access a virtual machine console from the vSphere Client when the vSphere Client is directly connected to the ESXi host. |
| 1514 | TCP/UDP | vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance |
| 2012 | TCP | Control interface RPC for vCenter Single Sign-On (SSO) |
| 2014 | TCP | RPC port for all VMCA (VMware Certificate Authority) APIs |
| 2020 | TCP/UDP | Authentication framework management |
| 5480 | TCP | vCenter Server Appliance Web Console (VAMI) |
| 6500 | TCP/UDP | ESXi Dump Collector port |
| 6501 | TCP | Auto Deploy service |
| 6502 | TCP | Auto Deploy management |
| 7444 | TCP | Secure Token Service |
| 8010 | TCP | vSAN Observer (Optional - only applicable if running vSAN) |
| 8088 | TCP | Workflow Management Service |
| 9443 | TCP | vSphere Web Client HTTPS |
| 11711 | TCP | VMware Directory service (vmdir) LDAP |
| 11712 | TCP | VMware Directory service (vmdir) LDAPS |

Use pursuant to the terms of your signed agreement or Avaya policy.

Table 5. Ports for VMware ESXi 6.x

Source: https://kb.vmware.com/s/article/52960

| Product | Port | Protocol | Source | Target | Purpose |
|---|---|---|---|---|---|
| ESXi 6.x | 9 | UDP | vCenter Server | Virtual Volumes | Used by the Virtual Volumes feature |
| ESXi 6.x | 22 | TCP | SSH Client | ESXi Host | Required for SSH access |
| ESXi 6.x | 53 | UDP | ESXi Host | DNS Server | DNS client |
| ESXi 6.x | 68 | UDP | DHCP Server | ESXi Host | DHCP client for IPv4 |
| ESXi 6.x | 80 | TCP | Web Browser | ESXi Host | Welcome page, with download links for different interfaces |
| ESXi 6.x | 161 | UDP | SNMP Server | ESXi Host | Allows the host to connect to an SNMP server |
| ESXi 6.x | 427 | TCP/UDP | CIM Server | ESXi Host | The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers |
| ESXi 6.x | 443 | TCP | vSphere Web Client | ESXi Host | Client connections |
| ESXi 6.x | 546 | TCP/UDP | DHCP Server | ESXi Host | DHCP client for IPv6 |
| ESXi 6.x | 547 | TCP/UDP | ESXi Host | DHCP Server | DHCP client for IPv6 |
| ESXi 6.x | 902 | TCP/UDP | VMware vCenter Agent | ESXi Host | vCenter Server agent |
| ESXi 6.x | 2233 | TCP | ESXi Host | vSAN Transport | Used for RDT traffic (Unicast peer to peer communication) between vSAN nodes. |
| ESXi 6.x | 3260 | TCP | ESXi Host | Software iSCSI Client | Supports software iSCSI |
| ESXi 6.x | 5671 | TCP | ESXi Host | rabbitmqproxy | A proxy running on the ESXi host that allows applications running inside virtual machines to communicate to the AMQP brokers running in the vCenter network domain. The virtual machine does not have to be on the network, that is, no NIC is required. The proxy connects to the brokers in the vCenter network domain. Therefore, the outgoing connection IP addresses should at least include the current brokers in use or future brokers. Brokers can be added if customer would like to scale up. |
| ESXi 6.x | ######## | TCP | CIM Server | ESXi Host | Server for CIM (Common Information Model) |
| ESXi 6.x | 5989 | TCP | CIM Secure Server | ESXi Host | Secure server for CIM |
| ESXi 6.x | 6999 | UDP | NSX Distributed Logical Router Service | ESXi Host | NSX Virtual Distributed Router service. The firewall port associated with this service is opened when NSX VIBs are installed and the VDR module is created. If no VDR instances are associated with the host, the port does not have to be open. This service was called NSX Distributed Logical Router in earlier versions of the product. |
| ESXi 6.x | 8000 | TCP | ESXi Host | ESXi Host | vMotion |
| ESXi 6.x | 8080 | TCP | vsanvp | ESXi Host | vSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about vSAN storage profiles, capabilities, and compliance. If disabled, vSAN Storage Profile Based Management (SPBM) does not work. |
| ESXi 6.x | ######## | TCP/UDP | Fault Tolerance | ESXi Host | Traffic between hosts for vSphere Fault Tolerance (FT). |
| ESXi 6.x | ######## | UDP | DVSSync | ESXi Host | DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled. Only hosts that run primary or backup virtual machines must have these ports open. On hosts that are not using VMware FT these ports do not have to be open. |
| ESXi 6.x | 12345, 23451 | UDP | ESXi Host | vSAN Clustering Service | Cluster Monitoring, Membership, and Directory Service used by vSAN. |
| ESXi 6.x | 443 | TCP | ESXi Host | vCenter Server | Deploy VIBs for NSX |
| ESXi 6.x | 44046, 31031 | TCP | ESXi Host | HBR | Used for ongoing replication traffic by vSphere Replication and VMware Site Recovery Manager. |
| ESXi Dump Collector | 6500 | UDP | ESXi | vCenter Server | Network coredump server |
| ESXi Dump Collector | 8000 | TCP | ESXi | vCenter Server | Network coredump web port |
| ESXi Syslog Collector | 8001 | TCP | ESXi | vCenter Server | Network syslog server |

Table 8. Ports for vSphere Update Manager

| TCP Port Number | Description |
|---|---|
| 80 | The port used by Update Manager to connect to vCenter Server. |
| 9084 | The port used by ESX/ESXi hosts to access host patch downloads over HTTP. |
| 902 | The port used by Update Manager to push host upgrade files. |
| 8084 | The port used by Update Manager client plug-in to connect to the Update Manager SOAP server. |
| 9087 | The HTTPS port used by Update Manager Client plug-in to upload host upgrade files. |

3. Port Matrix document for other Avaya applications

The table below lists Avaya Support Site links for the applications which are not covered in this document:

| Application | Avaya Support Site Link |
|---|---|
| Avaya Diagnostics Server 2.5 | https://downloads.avaya.com/css/p8/documents/101007901 |
| Avaya Aura Utility Services 7.0 | https://downloads.avaya.com/css/p8/documents/101018743 |
| Avaya Aura Communication Manager 7.0 | https://downloads.avaya.com/css/appmanager/css/p8secure/documents/101014660 |
| Avaya Aura System Manager 7.0 | https://downloads.avaya.com/css/p8/documents/101014664 |
| Avaya Control Manager | https://downloads.avaya.com/css/p8/documents/101018665 |
| Avaya Aura Application Enablement Services 7.0 | https://downloads.avaya.com/css/p8/documents/101018988 |
| Avaya Aura WFO 15.1 Framework | https://downloads.avaya.com/css/p8/documents/101018997 |
| Avaya Aura Communication Manager Messaging 7.0 | https://downloads.avaya.com/css/p8/documents/101014662 |
| Avaya Aura Conferencing 8.0 | https://downloads.avaya.com/css/p8/documents/100182338 |

Other port matrix documents which are not listed in this table can be found at https://support.avaya.com/helpcenter/getgenericdetails?detailid=c201082074362003.

Appendix A: Overview of TCP/IP Ports

What are ports and how are they used?

TCP and UDP use ports (defined at http://www.iana.org/assignments/port-numbers) to route traffic arriving at a particular IP device to the correct upper layer application. These ports are logical descriptors (numbers) that help devices multiplex and de-multiplex information streams. For example, your PC may have multiple applications simultaneously receiving information: email using destination TCP port 25, a browser using destination TCP port 443 and an SSH session using destination TCP port 22. These logical ports allow the PC to de-multiplex a single incoming serial data packet stream into three mini-streams inside the PC. Each of the mini-streams is directed to the correct high-level application identified by the port numbers. Every IP device has incoming (Ingress) and outgoing (Egress) data streams.

Ports are used in TCP and UDP to name the ends of logical connections which carry data flows. TCP and UDP streams have an IP address and port number for both source and destination IP devices. The pairing of an IP address and a port number is called a socket. Therefore, each data stream is uniquely identified with two sockets. Source and destination sockets must be known by the source before a data stream can be sent to the destination. Some destination ports are open to receive data streams and are called listening ports. Listening ports actively wait for a source (client) to make contact with the known protocol associated with the port number. HTTPS, as an example, is assigned port number 443. When a destination IP device is contacted by a source device using port 443, the destination uses the HTTPS protocol for that data stream conversation.

Port Types

Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic Ports (sometimes called Private Ports). The Well Known and Registered ports are assigned by IANA (Internet Assigned Numbers Authority) and are found here: http://www.iana.org/assignments/port-numbers.

Well Known Ports

Well Known Ports are those numbered from 0 through 1023. For the purpose of providing services to unknown clients, a service listen port is defined. This port is used by the server process as its listen port. Common services often use listen ports in the well-known port range. A well-known port is normally active, meaning that it is listening for any traffic destined for a specific application. For example, well known port 23 on a server is actively waiting for a data source to contact the server IP address using this port number to establish a Telnet session. Well known port 25 is waiting for an email session, etc. These ports are tied to a well understood application and range from 0 to 1023. In UNIX and Linux operating systems, only root may open or close a well-known port. Well Known Ports are also commonly referred to as privileged ports.

Registered Ports

Registered Ports are those numbered from 1024 through 49151. Unlike well-known ports, these ports are not restricted to the root user. Less common services register ports in this range. Avaya uses ports in this range for call control. Some, but not all, ports used by Avaya in this range include: 1719/1720 for H.323, 5060/5061 for SIP, 2944 for H.248 and others. The registered port range is 1024-49151. Even though a port is registered with an application name, industry often uses these ports for different applications. Conflicts can occur in an enterprise when a port with one meaning is used by two servers with different meanings.

Dynamic Ports

Dynamic Ports are those numbered from 49152 through 65535. Dynamic ports, sometimes called private ports, are available to use for any general purpose. This means there are no meanings associated with these ports (similar to RFC 1918 IP Address Usage). These are the safest ports to use because no application types are linked to these ports. The dynamic port range is 49152-65535.

Sockets

A socket is the pairing of an IP address with a port number. An example would be 192.168.5.17:3009, where 3009 is the socket number associated with the IP address. A data flow, or conversation, requires two sockets, one at the source device and one at the destination device. The data flow then has two sockets with a total of four logical elements. Each data flow must be unique. If one of the four elements is unique, the data flow is unique. The following three data flows are uniquely identified by socket number and/or IP address.

Data Flow 1: 172.16.16.14:1234-10.1.2.3:2345. Two different port numbers and IP addresses; this is a valid and typical socket pair.

Data Flow 2: 172.16.16.14:1235-10.1.2.3:2345. Same IP addresses and port numbers on the second IP address as data flow 1, but since the port number on the first socket differs, the data flow is unique.

Data Flow 3: 172.16.16.14:1234-10.1.2.4:2345. If one IP address octet changes, or one port number changes, the data flow is unique.

Socket Example Diagram

[Diagram: the Client sends an HTTP-Get with source 192.168.1.10:1369 and destination 10.10.10.47:80; the Web Server returns TCP-info with source 10.10.10.47:80 and destination 192.168.1.10:1369.]

Figure 1. Socket example showing ingress and egress data flows from a PC to a web server

The client egress stream includes the client's source IP and socket (1369) and the destination IP and socket (80). The ingress stream from the server has the source and destination information reversed.

Understanding Firewall Types and Policy Creation

Firewall Types

There are three basic firewall types:
- Packet Filtering
- Application Level Gateways (Proxy Servers)
- Hybrid (Stateful Inspection)

Packet filtering is the most basic form of firewall. Each packet that arrives at or leaves the network has its header fields examined against criteria to either drop the packet or let it through. Routers configured with Access Control Lists (ACL) use packet filtering. An example of packet filtering is preventing any source device on the Engineering subnet from using telnet to reach any device in the Accounting subnet.

Application level gateways (ALG) act as a proxy, preventing a direct connection between the foreign device and the internal destination device. ALGs filter each individual packet rather than blindly copying bytes. ALGs can also send alerts via email, alarms or other methods and keep log files to track significant events.

Hybrid firewalls are dynamic systems, tracking each connection traversing all interfaces of the firewall and making sure they are valid. In addition to looking at headers, the content of the packet, up through the application layer, is examined. A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Stateful inspection firewalls close off ports until the connection to the specific port is requested. This is an enhancement to security against port scanning [1].

Firewall Policies

The goals of firewall policies are to monitor, authorize and log data flows and events. They also restrict access using IP addresses, port numbers and application types and sub-types. This paper focuses on identifying the port numbers used by Avaya products so effective firewall policies can be created without disrupting business communications or opening unnecessary access into the network.

Knowing that the source column in the following matrices is the socket initiator is key in building some types of firewall policies. Some firewalls can be configured to automatically create a return path through the firewall if the initiating source is allowed through. This option removes the need to enter two firewall rules, one for each stream direction, but can also raise security concerns. Another feature of some firewalls is to create an umbrella policy that allows access for many independent data flows using a common higher layer attribute. Finally, many firewall policies can be avoided by placing endpoints and the servers that serve those endpoints in the same firewall zone.

[1] The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
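The socket-pair and firewall-policy passages above, as an added example that is not part of the Avaya document: the Figure 1 flow is run through a packet filter with one static rule per direction and through a stateful filter that builds the return path from its state table. The /24 inside network, the 60-second idle timeout and the 203.0.113.7 sender are constructed assumptions, and TCP flags are not modelled.

```python
"""Stateless packet filtering vs. stateful inspection for the Figure 1 flow."""
from collections import namedtuple
from ipaddress import ip_address, ip_network

# A data flow is identified by two sockets, i.e. four logical elements.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

INSIDE = ip_network("192.168.1.0/24")  # assumed network of the Figure 1 client
WEB_PORT = 80


def is_inside(ip):
    return ip_address(ip) in INSIDE


def stateless_allows(pkt):
    """Two static rules, one per stream direction, matching header fields only."""
    outbound = is_inside(pkt.src_ip) and pkt.dst_port == WEB_PORT
    # Return rule: any packet with source port 80 to an inside port >= 1024.
    inbound = (is_inside(pkt.dst_ip) and pkt.src_port == WEB_PORT
               and pkt.dst_port >= 1024)
    return outbound or inbound


class StatefulFirewall:
    """One outbound rule; the return path exists only while a state entry does."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout
        self.state = {}  # initiator's socket pair -> time last seen

    def allows(self, pkt, now):
        # Expire idle entries, which closes the return path again.
        self.state = {flow: seen for flow, seen in self.state.items()
                      if now - seen <= self.idle_timeout}
        if is_inside(pkt.src_ip) and pkt.dst_port == WEB_PORT:
            self.state[pkt] = now  # the source column is the socket initiator
            return True
        # Return traffic must mirror a recorded socket pair exactly.
        mirrored = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if mirrored in self.state:
            self.state[mirrored] = now
            return True
        return False


def compare():
    """Return (label, stateless verdict, stateful verdict) for a constructed timeline."""
    fw = StatefulFirewall(idle_timeout=60)
    request = Packet("192.168.1.10", 1369, "10.10.10.47", 80)   # Figure 1 egress
    reply = Packet("10.10.10.47", 80, "192.168.1.10", 1369)     # Figure 1 ingress
    unsolicited = Packet("203.0.113.7", 80, "192.168.1.10", 4000)
    timeline = [
        (0, "request", request),
        (1, "reply", reply),
        (2, "unsolicited", unsolicited),
        (120, "late reply", reply),  # arrives after the state entry has expired
    ]
    return [(label, stateless_allows(pkt), fw.allows(pkt, now))
            for now, label, pkt in timeline]


if __name__ == "__main__":
    for label, stateless, stateful in compare():
        print(f"{label:12} stateless={stateless} stateful={stateful}")
```

The static return rule admits both the unsolicited packet and the late reply because it matches header fields only; the stateful filter admits neither because no matching socket pair is in its table at that moment.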